gnupg.git
3 years agogpg: Print a new EXPORTED status line.
Werner Koch [Thu, 12 Nov 2015 16:02:18 +0000 (17:02 +0100)]
gpg: Print a new EXPORTED status line.

* common/status.h (STATUS_EXPORTED): New.
* g10/export.c (print_status_exported): New.
(do_export_stream): Call that function.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Print export statistics to the status-fd.
Werner Koch [Thu, 12 Nov 2015 15:02:35 +0000 (16:02 +0100)]
gpg: Print export statistics to the status-fd.

* common/status.h (STATUS_EXPORT_RES): New.
* g10/main.h (export_stats_t): New.
* g10/export.c (export_stats_s): New.
(export_new_stats, export_release_stats): New.
(export_print_stats): New.
(export_pubkeys, export_seckeys, export_secsubkeys)
(export_pubkey_buffer, do_export): Add arg "stats".
(do_export_stream): Add arg stats and update it.
* g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
pass, and print a stats object to the export function calls.

* g10/export.c (export_pubkeys_stream): Remove unused function.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Do not block during ADNS calls.
Werner Koch [Thu, 12 Nov 2015 12:31:59 +0000 (13:31 +0100)]
dirmngr: Do not block during ADNS calls.

* dirmngr/dns-stuff.c: Include npth.h
(my_unprotect, my_protect): New wrapper.
(resolve_name_adns): Put unprotect/protect around adns calls.
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: New option --nameserver.
Werner Koch [Thu, 12 Nov 2015 12:20:18 +0000 (13:20 +0100)]
dirmngr: New option --nameserver.

* dirmngr/dirmngr.c (oNameServer): New.
(opts): Add --nameserver.
(parse_rereadable_options): Act upon oNameServer.
* dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
(tor_nameserver): New.
(set_dns_nameserver): New.
(my_adns_init): Make name server configurable.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix cache consistency problem.
Neal H. Walfield [Wed, 11 Nov 2015 17:26:53 +0000 (18:26 +0100)]
gpg: Fix cache consistency problem.

g10/keyring.c (keyring_search): Only mark the cache as completely
filled if we start the scan from the beginning of the keyring.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: NIIBE Yutaka <gniibe@fsij.org>
A new feature (e8c53fc) turned up a bug whereby checking if a search
term matches multiple keys in the keyring causes the cache to be
inconsistent.

When we look for a key on the keyring, we iterate over each of the
keyblocks starting with the keyblock following the last result.  For
each keyblock, we iterate over the public key and any subkeys.  As we
iterate over each key, we first insert it into the cache and then
check if the key matches.  If so, we are done.

In pseudo code:

  for (i = last_result + 1; i < num_records; i ++)
    keyblock = get_keyblock (i)
    for (j = 1; j < len(keyblock); j ++)
      key = keyblock[j]
      update_cache (key)
      if (compare (key, search_terms))
        return ok
  cache_filled = true
  return ENOFOUND

When we look for the next match, we start with the following keyblock.
The result is that any subkeys following the key that matched are not
added to the cache (in other words, when a keyblock matches, the inner
loop did not necessarily complete and the subsequent search doesn't
resume it).

This patch includes a straightforward fix: only indicate the cache as
complete if we started the scan from the beginning of the keyring and
really didn't find anything.

3 years agogpg: Default to the the PGP trust model.
Neal H. Walfield [Tue, 10 Nov 2015 07:05:17 +0000 (08:05 +0100)]
gpg: Default to the the PGP trust model.

* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Default to the flat TOFU DB format.
Neal H. Walfield [Tue, 10 Nov 2015 07:03:57 +0000 (08:03 +0100)]
gpg: Default to the flat TOFU DB format.

* g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
is no TOFU DB, default to the flat format.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agodirmngr: Change to new ADNS Tor mode init scheme.
Werner Koch [Mon, 9 Nov 2015 19:44:13 +0000 (20:44 +0100)]
dirmngr: Change to new ADNS Tor mode init scheme.

* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--

Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.

Todo: We need to find a policy when to requrest a new curcuit and we
      also need to add credentials to the assuan_sock_connect calls.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Improve detection of ADNS.
Werner Koch [Mon, 9 Nov 2015 19:34:42 +0000 (20:34 +0100)]
dirmngr: Improve detection of ADNS.

* configure.ac (HAVE_ADNS_FREE): New ac_define.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Add reder information to --card-status.
NIIBE Yutaka [Mon, 9 Nov 2015 07:15:44 +0000 (16:15 +0900)]
scd: Add reder information to --card-status.

* g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
g10/card-util.c (card_status): Add READER.
* scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
(apdu_get_reader_name): New.
* scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
* scd/command.c (cmd_learn): Return READER information.

3 years agogpg: Avoid new strings.
Werner Koch [Fri, 6 Nov 2015 12:29:01 +0000 (13:29 +0100)]
gpg: Avoid new strings.

* g10/decrypt-data.c (decrypt_data): Use already translated strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Fix commit f99830b.
Werner Koch [Fri, 6 Nov 2015 12:20:01 +0000 (13:20 +0100)]
common: Fix commit f99830b.

* common/userids.c (classify_user_id): Avoid underflow.  Use spacep to
also trim tabs.
--

This is actually not fully consistent because the now used
trim_trailing_spaces uses the locale dependent isspace and not spacep.
Given that the use of isspace is anyway problematic we should check
whether we can chnage trim_trailing_spaces.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix formatting string.
Neal H. Walfield [Fri, 6 Nov 2015 12:15:34 +0000 (13:15 +0100)]
gpg: Fix formatting string.

* g10/decrypt-data.c (decrypt_data): Fix formatting string.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Add new option --only-sign-text-ids.
Neal H. Walfield [Fri, 6 Nov 2015 12:14:57 +0000 (13:14 +0100)]
gpg: Add new option --only-sign-text-ids.

* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702

3 years agocommon: When classifying keyids and fingerprints, reject trailing junk.
Neal H. Walfield [Fri, 6 Nov 2015 11:31:16 +0000 (12:31 +0100)]
common: When classifying keyids and fingerprints, reject trailing junk.

* common/userids.c (classify_user_id): Trim any trailing whitespace.
Before assuming that a hexstring corresponds to a key id or
fingerprint, make sure that it is NUL terminated.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1206
Debian-bug-id: 575084

3 years agogpg: Check for ambiguous or non-matching key specs.
Neal H. Walfield [Thu, 5 Nov 2015 16:29:53 +0000 (17:29 +0100)]
gpg: Check for ambiguous or non-matching key specs.

* g10/gpg.c (check_user_ids): New function.
(main): Check that any user id specifications passed to --local-user
and --remote-user correspond to exactly 1 user.  Check that any user
id specifications passed to --default-key correspond to at most 1
user.  Warn if any user id specifications passed to --local-user or
--default-user are possible ambiguous (are not specified by long keyid
or fingerprint).
* g10/getkey.c (parse_def_secret_key): Don't warn about possible
ambiguous key descriptions here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1128
Debian-debug-id: 544490

3 years agocommon: Add new function strlist_rev.
Neal H. Walfield [Fri, 6 Nov 2015 09:51:35 +0000 (10:51 +0100)]
common: Add new function strlist_rev.

* common/strlist.c (strlist_rev): New function.
* common/t-strlist.c: New file.
* common/Makefile.am (common_sources): Add strlist.c and strlist.h.
(module_tests): Add t-strlist.
(t_strlist_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Include required, but not included headers in t-support.h.
Neal H. Walfield [Fri, 6 Nov 2015 09:49:09 +0000 (10:49 +0100)]
common: Include required, but not included headers in t-support.h.

* common/t-support.h: Include <stdlib.h> and <stdio.h>.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Indicate which characters are invalid.
Neal H. Walfield [Thu, 5 Nov 2015 13:31:58 +0000 (14:31 +0100)]
gpg: Indicate which characters are invalid.

* g10/keygen.c (ask_user_id): Indicate which characters are invalid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1143

3 years agogpg: Add support for unwrapping the outer level of encryption.
Neal H. Walfield [Thu, 5 Nov 2015 11:20:42 +0000 (12:20 +0100)]
gpg: Add support for unwrapping the outer level of encryption.

* g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
copy the data to the output file instead of continuing to process it.
* g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
(opts): Handle oUnwrap.
(main): Likewise.
* g10/options.h (opt): Add field unwrap_encryption.
* g10/plaintext.c (handle_plaintext): Break the output file selection
functionality into ...
(get_output_file): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1060
Debian-bug-id: 282061

3 years agocommon: Add a function for copying data from one iobuf to another.
Neal H. Walfield [Thu, 5 Nov 2015 11:19:45 +0000 (12:19 +0100)]
common: Add a function for copying data from one iobuf to another.

* common/iobuf.c (iobuf_copy): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agodoc: Note that gpgkey2ssh is deprecated.
Neal H. Walfield [Thu, 5 Nov 2015 13:08:49 +0000 (14:08 +0100)]
doc: Note that gpgkey2ssh is deprecated.

* doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agotools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg.
Neal H. Walfield [Thu, 5 Nov 2015 12:59:33 +0000 (13:59 +0100)]
tools: Fix gpgkey2ssh's most gratuitous errors.  Use gpg2, not gpg.

* tools/gpgkey2ssh.c (main): Add support for --help.  Replace the most
gratuitous asserts with error messages.  Invoke gpg2, not gpg.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Debian-bug-id: 380241

3 years agodoc: Add documentation for gpgkey2ssh.
Neal H. Walfield [Thu, 5 Nov 2015 12:57:32 +0000 (13:57 +0100)]
doc: Add documentation for gpgkey2ssh.

* doc/tools.texi: Add documentation for gpgkey2ssh.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 1067
Debian-bug-id 380241

3 years agogpg: Print a better error message for --multifile --sign --encrypt.
Neal H. Walfield [Wed, 4 Nov 2015 12:27:49 +0000 (13:27 +0100)]
gpg: Print a better error message for --multifile --sign --encrypt.

* g10/gpg.c (main): Print a better error message for --multifile
--sign --encrypt.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1009

3 years agogpg: Add --encrypt-to-default-key.
Neal H. Walfield [Tue, 3 Nov 2015 22:39:46 +0000 (23:39 +0100)]
gpg: Add --encrypt-to-default-key.

* g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
export the function.
* g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
(opts): Handle oEncryptToDefaultKey.
(main): Likewise.
* g10/options.h (opt): Add field encrypt_to_default_key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 807

3 years agogpg: Allow multiple --default-key options. Take the last available key.
Neal H. Walfield [Tue, 3 Nov 2015 22:15:27 +0000 (23:15 +0100)]
gpg: Allow multiple --default-key options.  Take the last available key.

* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walield <neal@g10code.com>
GnuPG-bug-id: 806

3 years agoscd: Fix error handling with libusb-compat library.
NIIBE Yutaka [Wed, 4 Nov 2015 12:07:49 +0000 (21:07 +0900)]
scd: Fix error handling with libusb-compat library.

* scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.

--

With libusb-compat library, the error is different than original
libusb.  (The libusb-compat library is used by Fedora.)

3 years agoscd: fix change_keyattr.
NIIBE Yutaka [Wed, 4 Nov 2015 01:48:59 +0000 (10:48 +0900)]
scd: fix change_keyattr.

* scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.

3 years agogpg: Change out of core error message.
Werner Koch [Tue, 3 Nov 2015 22:15:57 +0000 (23:15 +0100)]
gpg: Change out of core error message.

* g10/tofu.c (fingerprint_str): Die with the error code returned by
the failed function.
(time_ago_str): Ditto.  Do not make a comma translatable.
(fingerprint_format): Use "%zu" for a size_t.
--

Also wrapped some long strings.

In general we should not use log_fatal or use xmalloc functions but
properly return an error code and use xtrymalloc like functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Make translation easier.
Werner Koch [Tue, 3 Nov 2015 19:44:14 +0000 (20:44 +0100)]
gpg: Make translation easier.

* g10/import.c (import_secret_one): Split info string for easier
translation.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Also show when the most recently signed message was observed.
Neal H. Walfield [Tue, 3 Nov 2015 15:26:25 +0000 (16:26 +0100)]
gpg: Also show when the most recently signed message was observed.

* g10/tofu.c (show_statistics): Also show when the most recently
signed message was observed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Suggested-by: MFPA <2014-667rhzu3dc-lists-groups@riseup.net>
3 years agogpg: Split a utility function out of a large function.
Neal H. Walfield [Tue, 3 Nov 2015 15:24:08 +0000 (16:24 +0100)]
gpg: Split a utility function out of a large function.

* g10/tofu.c (show_statistics): Break the time delta to string code
into...
(time_ago_str): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Fix message formatting.
Neal H. Walfield [Tue, 3 Nov 2015 14:51:29 +0000 (15:51 +0100)]
gpg: Fix message formatting.

* g10/tofu.c (get_trust): Fix message formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Don't store formatting fingerprints in the TOFU DB.
Neal H. Walfield [Tue, 3 Nov 2015 14:43:03 +0000 (15:43 +0100)]
gpg: Don't store formatting fingerprints in the TOFU DB.

* g10/tofu.c (fingerprint_pp): Split this function into...
(fingerprint_str): ... this function...
(fingerprint_format): ... and this function.
(record_binding): Store the unformatted fingerprint in the DB.  Only
use the formatting fingerprint when displaying a message to the user.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register): Likewise.
(tofu_get_validity): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agog10: notify a user when importing stub is skipped.
NIIBE Yutaka [Mon, 2 Nov 2015 05:33:38 +0000 (14:33 +0900)]
g10: notify a user when importing stub is skipped.

* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
when stub_key_skipped.
(import_secret_one): Notify a user, suggesting --card-status.

--

Migration to 2.1 might be confusing with smartcard.  With this patch,
a user can learn to run gpg ---card-status.

Thanks to intrigeri for the report.

Debian-bug-id: 795881

3 years agogpg: Consider newlines to be whitespace in an SQL statement.
Neal H. Walfield [Sat, 31 Oct 2015 00:49:32 +0000 (01:49 +0100)]
gpg: Consider newlines to be whitespace in an SQL statement.

* g10/sqlite.c (sqlite3_stepx): When making sure that there is no
second SQL statement, ignore newlines.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Improve t-zb32 to be used for manual encoding.
Werner Koch [Fri, 30 Oct 2015 11:40:22 +0000 (12:40 +0100)]
common: Improve t-zb32 to be used for manual encoding.

* common/t-support.h (no_exit_on_fail, errcount): New.
(fail): Bump errcount.
* common/t-zb32.c (main): Add options to allow manual use.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add separate header for zb32.c.
Werner Koch [Fri, 30 Oct 2015 11:33:40 +0000 (12:33 +0100)]
common: Add separate header for zb32.c.

* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new.  Include this for all callers of zb32_encode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoUse of some C99 features is now permitted.
Werner Koch [Thu, 29 Oct 2015 14:03:55 +0000 (15:03 +0100)]
Use of some C99 features is now permitted.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Display the correct error message.
Neal H. Walfield [Thu, 29 Oct 2015 09:09:58 +0000 (10:09 +0100)]
gpg: Display the correct error message.

* g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
RC does not contain the error code.  Save the error code in rc2 and
use that.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Eliminate a memory leak.
Neal H. Walfield [Thu, 29 Oct 2015 09:01:43 +0000 (10:01 +0100)]
gpg: Eliminate a memory leak.

* g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
failure.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Remove unused prototype.
Neal H. Walfield [Thu, 29 Oct 2015 08:58:02 +0000 (09:58 +0100)]
gpg: Remove unused prototype.

g10/keyring.h (keyring_locate_writable): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Eliminate a memory leak.
Neal H. Walfield [Thu, 29 Oct 2015 08:57:00 +0000 (09:57 +0100)]
gpg: Eliminate a memory leak.

* g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Fix keyring support.
Neal H. Walfield [Thu, 29 Oct 2015 08:52:56 +0000 (09:52 +0100)]
gpg: Fix keyring support.

* g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
if it is actually prepared, which it only is if the resource is a
keybox.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
Neal H. Walfield [Thu, 29 Oct 2015 08:36:36 +0000 (09:36 +0100)]
gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.

* g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
(sqlite3_stepx_callback): New declaration.
(sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
which passes an additional parameter, the sqlite3_stmt *.  Update
users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Move sqlite helper functions into their own file.
Neal H. Walfield [Wed, 28 Oct 2015 12:12:27 +0000 (13:12 +0100)]
gpg: Move sqlite helper functions into their own file.

* g10/tofu.c (sqlite3_exec_printf): Move from here...
* g10/sqlite.c (sqlite3_exec_printf): ... to this new file.  Don't
mark as static.
* g10/tofu.c (sqlite3_stepx): Move from here...
* g10/sqlite.c (sqlite3_stepx): ... to this new file.  Don't
mark as static.
* g10/tofu.c (enum sqlite_arg_type): Move from here...
* g10/sqlite.h (enum sqlite_arg_type): ... to this new file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agodoc: Don't install gpg-zip.1.
NIIBE Yutaka [Thu, 29 Oct 2015 01:26:04 +0000 (10:26 +0900)]
doc: Don't install gpg-zip.1.

* doc/Makefile.am (myman_pages): Remove gpg-zip.1.
(DISTCLEANFILES): Add gpg-zip.1.

--

Thanks to Thomas Klausner.

GnuPG-bug-id: 2095

3 years agosm: Allow combination of usage flags --gen-key.
Werner Koch [Wed, 28 Oct 2015 17:57:53 +0000 (18:57 +0100)]
sm: Allow combination of usage flags --gen-key.

* sm/certreqgen.c (create_request): Re-implement building of the
key-usage extension.
--

GnuPG-bug-id: 2029
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Document some changed default options.
Damien Goutte-Gattat [Wed, 28 Oct 2015 07:09:49 +0000 (08:09 +0100)]
doc: Document some changed default options.

* doc/gpg.texi: Update the description of some options which are
  now enabled by default.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
3 years agodirmngr: Fix NULL-deref while loading a CRL.
Werner Koch [Wed, 28 Oct 2015 10:57:00 +0000 (11:57 +0100)]
dirmngr: Fix NULL-deref while loading a CRL.

* dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
failure.
--

GnuPG-bug-id: 2082
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoFix typos
Daniel Kahn Gillmor [Tue, 27 Oct 2015 21:09:43 +0000 (17:09 -0400)]
Fix typos

--

3 years agoagent: Clarify agent's KEYWRAP_KEY description.
Daniel Kahn Gillmor [Tue, 27 Oct 2015 21:09:40 +0000 (17:09 -0400)]
agent: Clarify agent's KEYWRAP_KEY description.

--

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agodirmngr: Minor cleanup of the SRV RR code.
Werner Koch [Wed, 28 Oct 2015 09:14:07 +0000 (10:14 +0100)]
dirmngr: Minor cleanup of the SRV RR code.

* dirmngr/dns-stuff.c: Include unistd.h.
(getsrv): Run srand only once.
* dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
and change output format.

3 years agodirmngr: Add a getaddrinfo wrapper backend using ADNS.
Werner Koch [Wed, 28 Oct 2015 07:55:01 +0000 (08:55 +0100)]
dirmngr: Add a getaddrinfo wrapper backend using ADNS.

* dirmngr/dns-stuff.c: Replace all use of default_errsource.
(my_adns_init): Move to top.
(resolve_name_adns): New.
(resolve_dns_name) [USE_ADNS]: Divert to new func.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Do not call an extra get_validity if no-show-uid-validity is used.
Werner Koch [Mon, 26 Oct 2015 19:36:16 +0000 (20:36 +0100)]
gpg: Do not call an extra get_validity if no-show-uid-validity is used.

* g10/mainproc.c (check_sig_and_print): Do not call the informational
get_validity if we are not going to use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Ensure all weak digest rejection notices are shown
Daniel Kahn Gillmor [Fri, 23 Oct 2015 21:46:57 +0000 (17:46 -0400)]
gpg: Ensure all weak digest rejection notices are shown

* g10/main.h: Add rejection_shown flag to each weakhash struct
* g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
treat MD5 separately; (print_digest_rejected_note): Use
weakhash.rejection_shown instead of static shown.
* g10/options.h (opt): Change from additional_weak_digests to
weak_digests.
* g10/sig-check.c: Do not treat MD5 separately.
* g10/gpg.c (main): Explicitly set MD5 as weak.
* g10/gpgv.c (main): Explicitly set MD5 as weak.

--

Previously, only one weak digest rejection message was shown, of
whichever was the first type encountered.  This meant that if "gpg
--weak-digest SHA224" encountered both an MD5 digest and a SHA224
digest, it would only show the user that the MD5 digest was rejected.

In order to let the user know which algorithms were rejected, we
needed to move the "shown" flag into a per-weak-algorithm location.
Given this additional complication, it made no sense to continue to
treat MD5 specially, so it is added as a default weak algorithm in the
same opt.weak_digests data structure as any other.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agow32: Make it build again if Tofu support is not available.
Werner Koch [Mon, 26 Oct 2015 15:38:41 +0000 (16:38 +0100)]
w32: Make it build again if Tofu support is not available.

* g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Add example Tor hidden service.
Werner Koch [Mon, 26 Oct 2015 15:32:32 +0000 (16:32 +0100)]
dirmngr: Add example Tor hidden service.

--

3 years agodirmngr: Support Tor hidden services.
Werner Koch [Mon, 26 Oct 2015 15:32:03 +0000 (16:32 +0100)]
dirmngr: Support Tor hidden services.

* dirmngr/dns-stuff.c (is_onion_address): New.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
(map_host): Special case onion addresses.
(ks_hkp_print_hosttable): Print an 'O' for an onion address.
* dirmngr/http.c (connect_server): Special case onion addresses.
--

Note that this requires the latest libassuan from git.  Onion addresses
are always support regardless of the --use-tor flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr,w32: Remove gethostbyname hack and make it build again.
Werner Koch [Mon, 26 Oct 2015 14:53:31 +0000 (15:53 +0100)]
dirmngr,w32: Remove gethostbyname hack and make it build again.

* dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
we require getaddrinfo anyway.
* dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
(map_eai_to_gpg_error) [W32]: Take care of unsupported codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Make sure we only have a single SQL statement.
Neal H. Walfield [Mon, 26 Oct 2015 12:41:07 +0000 (13:41 +0100)]
gpg: Make sure we only have a single SQL statement.

* g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
statement.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: When the TOFU DB is in batch mode, periodically drop the locks.
Neal H. Walfield [Mon, 26 Oct 2015 12:36:12 +0000 (13:36 +0100)]
gpg: When the TOFU DB is in batch mode, periodically drop the locks.

* g10/tofu.c: Include <sched.h>.
(batch_update_started): New variable.
(begin_transaction): If we've been in batch mode for a while, then
commit any extant batch transactions.
(tofu_begin_batch_update): If we are not in batch mode, initialize
batch_update_started.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agodirmngr: Add workaround for broken getaddrinfo.
Werner Koch [Sun, 25 Oct 2015 15:38:07 +0000 (16:38 +0100)]
dirmngr: Add workaround for broken getaddrinfo.

* dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
first resolving the CNAME.
(get_dns_cname): New.

* dirmngr/t-dns-stuff.c (main): Add option --cname.
--

At least the getaddrinfo implementation in glibc 2.19-13 from Debian
returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
addresses.  Looking at the wire the data is correctly returned from
the server but getaddrinfo seems to get confused by truncation and
retry.  To fix this we resolve the CNAME again and call getaddrinfo
again with the canonical name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Better handle systems without IPv6 or IPv4.
Werner Koch [Sat, 24 Oct 2015 14:27:47 +0000 (16:27 +0200)]
dirmngr: Better handle systems without IPv6 or IPv4.

* dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.

3 years agodirmngr: Replace use of getnameinfo by resolve_dns_addr.
Werner Koch [Sat, 24 Oct 2015 10:25:17 +0000 (12:25 +0200)]
dirmngr: Replace use of getnameinfo by resolve_dns_addr.

* dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
(map_host): Use resolve_dns_addr.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Implement a getnameinfo wrapper.
Werner Koch [Sat, 24 Oct 2015 14:27:47 +0000 (16:27 +0200)]
dirmngr: Implement a getnameinfo wrapper.

* dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
(DNS_WITHBRACKET): New.
* dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
(map_eai_to_gpg_error): new.
(resolve_addr_standard): New.
(resolve_dns_addr): New.

* dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
* dirmngr/dns-stuff.c (is_ip_address): here.  Add support for non
bracketed v6 addresses.

* dirmngr/t-dns-stuff.c: Remove header netdb.h.
(main): Add option --bracket.  Use resolve_dns_name instead of
getnameinfo.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Provide an interface to patch TOFU updates.
Neal H. Walfield [Fri, 23 Oct 2015 15:23:17 +0000 (17:23 +0200)]
gpg: Provide an interface to patch TOFU updates.

* g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
Rename end_transaction to savepoint_batch_commit.  Update users.
Remove field rollback.  Add fields savepoint_inner and
savepoint_inner_commit.  Add field batch_update.
(dump_cache): New function.
(batch_update): New variable.
(begin_transaction). New function.
(end_transaction): New function.
(rollback_transaction): New function.
(tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
(closedb): End any pending batch transaction.
(closedbs): Assert that none of the DBs have a started batch
transaction if we not in batch mode.
(record_binding): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
Also start a batch mode transaction if we are using the flat format.
(tofu_register): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
* g10/gpgv.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
* g10/test-stubs.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Cache prepared SQL queries and open DB connections.
Neal H. Walfield [Fri, 23 Oct 2015 11:42:50 +0000 (13:42 +0200)]
gpg: Cache prepared SQL queries and open DB connections.

* g10/tofu.c: Include <stdarg.h>.
(prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
(queries) [DEBUG_TOFU_CACHE]: New variable.
(struct db): Add fields prevp, begin_transaction, end_transaction,
rollback, record_binding_get_old_policy, record_binding_update,
record_binding_update2, get_policy_select_policy_and_conflict,
get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
get_trust_gather_other_keys, register_already_seen, and
register_insert.
[DEBUG_TOFU_CACHE]: Add field hits.
(STRINGIFY): New macro.
(STRINGIFY2): New macro.
(enum sqlite_arg_type): New enum.
(sqlite3_stepx): New function.
(combined_db): Remove variable.
(opendb): Don't cache the combined db.
(struct dbs): New struct.  Update users to use this as the head of the
local DB list rather than overloading struct db.
(unlink_db): New function.
(link_db): New function.
(db_cache): New variable.
(db_cache_count): New variable.
(DB_CACHE_ENTRIES): Define.
(getdb): If the dbs specific cache doesn't include the DB, look at
DB_CACHE.  Only if that also doesn't include the DB open the
corresponding DB.
(closedb): New function.
(opendbs): Don't open the combined DB.  Just return an initialized
struct dbs.
(closedbs): Don't close the dbs specific dbs.  Attach them to the
front of DB_CACHE.  If DB_CACHE contains more than DB_CACHE_ENTRIES,
close enough dbs from the end of the DB_CACHE list such that DB_CACHE
only contains DB_CACHE_ENTRIES.  Don't directly close the dbs, instead
use the new closedb function.
[DEBUG_TOFU_CACHE]: Print out some statistics.
(record_binding): Use sqlite3_stepx instead of sqlite3_exec or
sqlite3_exec_printf.
(get_policy): Likewise.
(get_trust): Likewise.
(tofu_register): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Return the DBs meta-handle rather than the sqlite3 handle.
Neal H. Walfield [Wed, 21 Oct 2015 19:16:43 +0000 (21:16 +0200)]
gpg: Return the DBs meta-handle rather than the sqlite3 handle.

* g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Use the proper type.
Neal H. Walfield [Wed, 21 Oct 2015 18:24:27 +0000 (20:24 +0200)]
gpg: Use the proper type.

* g10/options.h: Include "tofu.h".
(opt.tofu_default_policy): Change type to enum tofu_policy.
* g10/gpgv.c (enum tofu_policy): Don't redeclare.
* g10/test-stubs.c (enum tofu_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agodirmngr: Implement Tor mode for SRV RRs.
Werner Koch [Thu, 22 Oct 2015 08:14:10 +0000 (10:14 +0200)]
dirmngr: Implement Tor mode for SRV RRs.

* dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
(my_adns_init): new.
(getsrv)[USE_ADNS]: Use my_adns_init.
(getsrv)[!USE_ADNS]: Return an error if Tor mode is active.

* dirmngr/t-dns-stuff.c: Add option --use-tor.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Do not use MAXDNAME.
Werner Koch [Thu, 22 Oct 2015 07:52:51 +0000 (09:52 +0200)]
dirmngr: Do not use MAXDNAME.

* dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
* dirmngr/dns-stuff.h (MAXDNAME): Remove.
(struct srventry): Use a fixed value instead of MAXDNAME.
* dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
Malloc a helper array.

--

Depending on the order of included headers it might be that we allocate
the array with a different size than what we test against in another
module.  To make it more robust we use the actual known size of
checking.

A better would be to use a linked list and avoid these large arrays.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoMove SRV RR code from common/ to dirmngr/.
Werner Koch [Thu, 22 Oct 2015 07:22:41 +0000 (09:22 +0200)]
Move SRV RR code from common/ to dirmngr/.

* common/srv.c: Merge into dirmngr/dns-stuff.c.  Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h.  Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h.  The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Use the new DNS wrapper for the HTTP module.
Werner Koch [Wed, 21 Oct 2015 20:41:12 +0000 (22:41 +0200)]
dirmngr: Use the new DNS wrapper for the HTTP module.

* dirmngr/t-http.c (main): Init assuan sockets.
* dirmngr/http.c: Include dns-stuff.h.
(connect_server)[!HAVE_GETADDRINFO]: Remove all code.
(connect_server): Change to use resolve_dns_name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Allow use of http.c if USE_NPTH is not defined.
Werner Koch [Wed, 21 Oct 2015 20:38:21 +0000 (22:38 +0200)]
dirmngr: Allow use of http.c if USE_NPTH is not defined.

* dirmngr/http.c (send_request): Always set the gnutls pull/push
functions.
(my_npth_read): Rename to ...
(my_gnutls_read) .. this.  Use system read if !USE_NPTH.
(my_npth_write): Rename to ...
(my_gnutls_write) .. this.  Use system write if !USE_NPTH.
--

This is necessary to run t-http because we once switched to a ref
counted object with the socket descriptor.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Check that getaddrinfo is available.
Werner Koch [Wed, 21 Oct 2015 20:11:59 +0000 (22:11 +0200)]
dirmngr: Check that getaddrinfo is available.

* dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
(t_ldap_parse_uri_SOURCES): Ditto.
* dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
available.
--

We used to have replacement code for getaddrinfo and thus check for it
in configure.  However, this was for the old http and dns-cert code
from common/.  For dirmngr I made liberal use of getaddrinfo w/o
without checking.  Just in case someone tries to build on an old
platform we now error our with a suitable #error.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Add a new OpenPGP card vendor.
Werner Koch [Wed, 21 Oct 2015 16:23:25 +0000 (18:23 +0200)]
gpg: Add a new OpenPGP card vendor.

--

3 years agoChange capitalization of TOR to Tor.
Werner Koch [Wed, 21 Oct 2015 16:14:24 +0000 (18:14 +0200)]
Change capitalization of TOR to Tor.

--

3 years agodirmngr: Use the new DNS wrapper for the HKP engine.
Werner Koch [Wed, 21 Oct 2015 15:46:21 +0000 (17:46 +0200)]
dirmngr: Use the new DNS wrapper for the HKP engine.

* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
dns_addrinfo_t.
(map_host): Replace getaddrinfo by resolve_dns_name.
--

Note that we still need to replace getnameinfo so that the PTR lookup
is either suppressed or also done via ADNS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Implement a getaddrinfo wrapper.
Werner Koch [Wed, 21 Oct 2015 15:55:56 +0000 (17:55 +0200)]
dirmngr: Implement a getaddrinfo wrapper.

* dirmngr/dns-stuff.h: Include some header files.
(dns_addinfo_t, dns_addrinfo_s): New.
* dirmngr/dns-stuff.c: Always include DNS related headers.
(free_dns_addrinfo): New.
(resolve_name_standard): New.
(resolve_dns_name): New.

* dirmngr/t-dns-stuff.c: Include netdb.h.
(main): Keep old default mode with no args but else print outout of
resolve_dns_name.  Revamp option parser.
--

This wrapper allows us to switch to ADNS and thus Tor for standard
name resultion.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add more replacement error codes.
Werner Koch [Wed, 21 Oct 2015 15:38:33 +0000 (17:38 +0200)]
common: Add more replacement error codes.

* common/util.h (GPG_ERR_SERVER_FAILED): New.
(GPG_ERR_NO_KEY): New.
(GPG_ERR_NO_NAME): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: If the saved trust model is unknown, default to tofu+pgp.
Neal H. Walfield [Wed, 21 Oct 2015 11:37:11 +0000 (13:37 +0200)]
gpg: If the saved trust model is unknown, default to tofu+pgp.

* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Don't accidentally free UTK_LIST.
Neal H. Walfield [Wed, 21 Oct 2015 11:36:12 +0000 (13:36 +0200)]
gpg: Don't accidentally free UTK_LIST.

* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
Neal H. Walfield [Wed, 21 Oct 2015 11:31:00 +0000 (13:31 +0200)]
gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.

* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: If a key is ultimate trusted, return that in the tofu model.
Neal H. Walfield [Wed, 21 Oct 2015 11:35:27 +0000 (13:35 +0200)]
gpg: If a key is ultimate trusted, return that in the tofu model.

* g10/tofu.c (get_trust): If the policy is auto or none, check if the
key is ultimately trusted.  If so, return that.
(tofu_register): If the key is ultimately trusted, don't show any
statistics.
(tofu_get_validity): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Andre Heinecke <aheinecke@intevation.de>
3 years agogpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
Neal H. Walfield [Wed, 21 Oct 2015 11:28:15 +0000 (13:28 +0200)]
gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.

* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Factor out code into a standalone function.
Neal H. Walfield [Wed, 21 Oct 2015 10:52:56 +0000 (12:52 +0200)]
gpg: Factor out code into a standalone function.

* g10/trustdb.c (tdb_keyid_is_utk): New function.
(add_utk): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agodirmngr: Allow building with libassuan < 2.3.
Neal H. Walfield [Tue, 20 Oct 2015 18:53:40 +0000 (20:53 +0200)]
dirmngr: Allow building with libassuan < 2.3.

* dirmngr/http.c (send_request): Use newer assuan function only if
available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 4e42ad30

3 years agogpg: Make the tofu DB check and initialization atomic.
Neal H. Walfield [Tue, 20 Oct 2015 18:42:44 +0000 (20:42 +0200)]
gpg: Make the tofu DB check and initialization atomic.

* g10/tofu.c (initdb): Make the version check and the database
initialization atomic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Andre Heinecke <aheinecke@intevation.de>
3 years agobuild: Make --disable-g13 the default.
Werner Koch [Wed, 21 Oct 2015 08:34:41 +0000 (10:34 +0200)]
build: Make --disable-g13 the default.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13.  Remove
--enable-gpgtar because that is enabled anyway.
* configure.ac: Do not build g13 by default.
--

The g13 part is not very useful for a standard user right now, thus do
not build it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Rename file dns-cert.c.
Werner Koch [Wed, 21 Oct 2015 08:29:02 +0000 (10:29 +0200)]
dirmngr: Rename file dns-cert.c.

* dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
* dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
includers.
* dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
* dirmngr/Makefile.am: Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add status code for use by g13.
Werner Koch [Wed, 21 Oct 2015 06:30:52 +0000 (08:30 +0200)]
common: Add status code for use by g13.

* common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.

3 years agodirmngr: Prefer ADNS over system resolver.
Werner Koch [Tue, 20 Oct 2015 17:03:26 +0000 (19:03 +0200)]
dirmngr: Prefer ADNS over system resolver.

* configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
(USE_DNS_CERT): Prefer ADNS over the system resolver.
* dirmngr/dns-cert.c (tor_mode): New global var.
(enable_dns_tormode): New func.
(get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
* dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.

3 years agow32: Allow building again.
Werner Koch [Tue, 20 Oct 2015 15:33:18 +0000 (17:33 +0200)]
w32: Allow building again.

* dirmngr/http.c (connect_server): Fix called function name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Allow building without SQLlite support.
Werner Koch [Tue, 20 Oct 2015 15:32:23 +0000 (17:32 +0200)]
build: Allow building without SQLlite support.

* configure.ac: Add option --dsiable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config find the correct .pc file.

* g10/Makefile.am (tofu_source): New.  Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--

This allows to build a minimal version of GnuPG.  It is also currently
required to build for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Don't die immediately if the TOFU DB is locked.
Neal H. Walfield [Tue, 20 Oct 2015 13:12:23 +0000 (15:12 +0200)]
gpg: Don't die immediately if the TOFU DB is locked.

* g10/tofu.c (opendb): Don't die immediately if the DB is locked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Improve output.
Neal H. Walfield [Tue, 20 Oct 2015 12:53:29 +0000 (14:53 +0200)]
gpg: Improve output.

* g10/tofu.c (get_trust): Also show the binding when indicating a
conflict occurred.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Synchronize translation template.
Neal H. Walfield [Tue, 20 Oct 2015 12:52:39 +0000 (14:52 +0200)]
gpg: Synchronize translation template.

* g10/tofu.c (show_statistics): Synchronize translation template.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: When showing conflicts, also show bindings with no recorded sigs.
Neal H. Walfield [Tue, 20 Oct 2015 12:50:21 +0000 (14:50 +0200)]
gpg: When showing conflicts, also show bindings with no recorded sigs.

* g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
NULL, then both time_ago and count should be 0.
(get_trust): Reverse the direction of the join so that we also get
statistics about bindings without any signatures.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>